CVE-2026-56773

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

CVE-2026-56773

CVE-2026-56773 concerns Teable’s v2 REST API controller, where missing @Permissions metadata on ORPC endpoints allows any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases/tables via endpoints like GET /ap...

CVE-2026-56773 Teable - Missing Authorization in v2 REST API

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST...

CVE-2026-9566

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVE-2026-9566

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

EUVD-2026-31906

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVE-2026-9566 teableio teable Sign-up LoginPage.tsx cross site scripting

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVE-2026-9566 teableio teable Sign-up LoginPage.tsx cross site scripting

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVE-2026-9566

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

CVE-2026-9566

Summary: CVE-2026-9566 affects teableio/Teable up to 1.9.x. The issue resides in the LoginPage.tsx (apps/nextjs-app/src/features/auth/pages/LoginPage.tsx) where manipulation of the redirect parameter can trigger cross-site scripting. The attack is remote and the exploit is publicly available, wit...

teable 代码注入漏洞

Teable is an open-source online no-code database platform developed by Teable. Versions of Teable 1.9.x and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown feature in the Sign-up component’s file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx,...

PT-2026-43372

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...